In case you want to authenticate your clients with certificates signed by your trusted CA you have to include CA public certificate in trust store.Trust store configuration is as simple as key store configuration, methods just start with trust not key.